SCMagazine.com is reporting that at least 4,500 debit and credit cards in the US and Canada have been compromised by JackPOS: a new type of PoS malware based on the RAM scraping Alina family.
According to researchers at IntelCrawler who discovered the campaign, the threat actors used well-known methods of gathering credit card dumps and memory parsing, but masked their activities in a “drive-by” fashion by replacing the legitimate Java update scheduler file with bogus, malware-laden code designed to look like the Java Platform SE Binary. What’s more, the loaders were written in AutoIt script, which is increasingly being used by threat actors to carry out PoS malware attacks and evade anti-virus products.
This isn’t the first — and certainly won’t be the last — story in 2014 that exposes yet another PoS malware campaign. Threat actors worldwide are no doubt emboldened by the success of Dexter, as well as the high-profile attacks at Target, Neiman Marcus, and elsewhere – not to mention all of the ongoing campaigns that we don’t yet know about, but will come to light in the weeks and months ahead as consumers get their credit card bills and review their bank statements.
While there is no way to 100% prevent PoS malware attacks, retailers can immediately and cost-effectively augment their security system through automated traffic log analysis which, when combined with Big Data analytics that uses machine learning algorithms, can identify anomalies within network traffic and detect unknown threats that have already breached the perimeter.
Learn more about the technology that revealed new information behind the Target PoS attack by watching an on-demand presentation: Nip Advanced Threats in the Bud and Protection Your Company’s Reputation.
// ]]>
// ]]>
The post New JackPOS PoS Malware Evades Anti-Virus Products to Compromise at Least 4,500 Payment Cards appeared first on Seculert Blog on Advanced Threats and Cyber Security.
